Cyber Round-up

Cyber Round-up for 30th October

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Nitro data breach impacts Microsoft, Google, Apple

Nitro, a PDF service used by approximately 1.8 million users to create and sign digital documents, has suffered a major data breach. Nitro issued an advisory on the 21st October stating they had experienced a low impact security incident and that no customer data was at risk. That was not the whole story: a database of 70 million records containing emails, names, hashed passwords and IP addresses is amongst the data for sale via private auction. If you have a Nitro account, it's advisable to get that password changed ASAP.


Things You Wish You Had Done Before a Ransomware Attack

The guys at PWNDEFEND have published a new blog highlighting the 10 things you wish you had done before being hit by a ransomware attack. The last thing any of us want when we log in for the first time, on a new day at work, is to be presented with a dreaded ransom note. For those of you who want to try and prevent this very scenario, head over to the blog to see what these 10 things can do to help you and your business.


Therapy patients blackmailed for cash after clinic data breach

Patients of Vastaamo, a large clinic based in Finland, have been subjected to a blackmail campaign, after their data was stolen in a breach. Personally identifiable information and recorded notes about therapy sessions were stolen during two incidents in November 2018 and March 2019. Patients are being contacted by ‘the ransom guy’ and ordered to pay increasing fees, and if they fail to pay, their details and sessions will be published online. Approximately 300 records have so far been published on the dark web.



DNS attacks target service providers

DNS-based attacks are on the rise, with over 83% of service providers experiencing some form of attack. Common attack types used by hackers were phishing attacks (37%), DNS-based malware (33%), DDoS attacks (27%), and lock-up domain attacks (22%), which may cause DNS services to exhaust their resources. Successful DNS attacks can have far-reaching consequences, with both the provider and its customers experiencing disruptions and outages. An effective DNS security architecture is key to fending off these attacks and avoiding unwanted impact.


FBI Warns of Major Ransomware to Healthcare

An alert has been issued by the FBI and Human Health Services in the US, warning of the continued threat of ransomware attacks on the health sector. Even during the pandemic, bad guys continue to use malware such as RYUK and TrickBot to target healthcare, resulting in ransomware, data theft and disruption to health services. Recommendations include a strict patching regime, network segmentation and regular offline backups, to help both prevention and recovery activities.

The CISA alert can be found here.


Vulnerabilities & Updates

Oracle WebLogic Flaw Actively Being Exploited

Researchers are warning that a critical remote code execution vulnerability in Oracle WebLogic (CVE-2020-14882) is being actively exploited by malicious actors. The vuln in question affects the WebLogic console and was fixed in the October release of Oracle's quarterly critical patch update. The attack is easy to execute, requiring no privileges and no user interaction, and can be carried out with network access via HTTP. Oracle WebLogic users are urged to review and update their systems as soon as they can.


And that is it for this week’s round-up. Please don’t forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #115 – 30th October 2020

Ironshare – Security Simplified